Brad Bishop | 64c979e | 2019-11-04 13:55:29 -0500 | [diff] [blame^] | 1 | Backport commit to fix compile error on arm caused by commits which are |
| 2 | to fix CVE-2018-5743. |
| 3 | |
| 4 | CVE: CVE-2018-5743 |
| 5 | Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ef49780] |
| 6 | |
| 7 | Signed-off-by: Kai Kang <kai.kang@windriver.com> |
| 8 | |
| 9 | From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001 |
| 10 | From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org> |
| 11 | Date: Wed, 17 Apr 2019 15:22:27 +0200 |
| 12 | Subject: [PATCH] Replace atomic operations in bin/named/client.c with |
| 13 | isc_refcount reference counting |
| 14 | |
| 15 | --- |
| 16 | bin/named/client.c | 18 +++++++----------- |
| 17 | bin/named/include/named/interfacemgr.h | 5 +++-- |
| 18 | bin/named/interfacemgr.c | 7 +++++-- |
| 19 | 3 files changed, 15 insertions(+), 15 deletions(-) |
| 20 | |
| 21 | diff --git a/bin/named/client.c b/bin/named/client.c |
| 22 | index 845326abc0..29fecadca8 100644 |
| 23 | --- a/bin/named/client.c |
| 24 | +++ b/bin/named/client.c |
| 25 | @@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) { |
| 26 | static void |
| 27 | mark_tcp_active(ns_client_t *client, bool active) { |
| 28 | if (active && !client->tcpactive) { |
| 29 | - isc_atomic_xadd(&client->interface->ntcpactive, 1); |
| 30 | + isc_refcount_increment0(&client->interface->ntcpactive, NULL); |
| 31 | client->tcpactive = active; |
| 32 | } else if (!active && client->tcpactive) { |
| 33 | - uint32_t old = |
| 34 | - isc_atomic_xadd(&client->interface->ntcpactive, -1); |
| 35 | - INSIST(old > 0); |
| 36 | + isc_refcount_decrement(&client->interface->ntcpactive, NULL); |
| 37 | client->tcpactive = active; |
| 38 | } |
| 39 | } |
| 40 | @@ -554,7 +552,7 @@ exit_check(ns_client_t *client) { |
| 41 | if (client->mortal && TCP_CLIENT(client) && |
| 42 | client->newstate != NS_CLIENTSTATE_FREED && |
| 43 | !ns_g_clienttest && |
| 44 | - isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0) |
| 45 | + isc_refcount_current(&client->interface->ntcpaccepting) == 0) |
| 46 | { |
| 47 | /* Nobody else is accepting */ |
| 48 | client->mortal = false; |
| 49 | @@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) { |
| 50 | isc_result_t result; |
| 51 | ns_client_t *client = event->ev_arg; |
| 52 | isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event; |
| 53 | - uint32_t old; |
| 54 | |
| 55 | REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN); |
| 56 | REQUIRE(NS_CLIENT_VALID(client)); |
| 57 | @@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { |
| 58 | INSIST(client->naccepts == 1); |
| 59 | client->naccepts--; |
| 60 | |
| 61 | - old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1); |
| 62 | - INSIST(old > 0); |
| 63 | + isc_refcount_decrement(&client->interface->ntcpaccepting, NULL); |
| 64 | |
| 65 | /* |
| 66 | * We must take ownership of the new socket before the exit |
| 67 | @@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) { |
| 68 | * quota is tcp-clients plus the number of listening |
| 69 | * interfaces plus 1.) |
| 70 | */ |
| 71 | - exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > |
| 72 | - (client->tcpactive ? 1 : 0)); |
| 73 | + exit = (isc_refcount_current(&client->interface->ntcpactive) > |
| 74 | + (client->tcpactive ? 1U : 0U)); |
| 75 | if (exit) { |
| 76 | client->newstate = NS_CLIENTSTATE_INACTIVE; |
| 77 | (void)exit_check(client); |
| 78 | @@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) { |
| 79 | * listening for connections itself to prevent the interface |
| 80 | * going dead. |
| 81 | */ |
| 82 | - isc_atomic_xadd(&client->interface->ntcpaccepting, 1); |
| 83 | + isc_refcount_increment0(&client->interface->ntcpaccepting, NULL); |
| 84 | } |
| 85 | |
| 86 | static void |
| 87 | diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h |
| 88 | index 3535ef22a8..6e10f210fd 100644 |
| 89 | --- a/bin/named/include/named/interfacemgr.h |
| 90 | +++ b/bin/named/include/named/interfacemgr.h |
| 91 | @@ -45,6 +45,7 @@ |
| 92 | #include <isc/magic.h> |
| 93 | #include <isc/mem.h> |
| 94 | #include <isc/socket.h> |
| 95 | +#include <isc/refcount.h> |
| 96 | |
| 97 | #include <dns/result.h> |
| 98 | |
| 99 | @@ -75,11 +76,11 @@ struct ns_interface { |
| 100 | /*%< UDP dispatchers. */ |
| 101 | isc_socket_t * tcpsocket; /*%< TCP socket. */ |
| 102 | isc_dscp_t dscp; /*%< "listen-on" DSCP value */ |
| 103 | - int32_t ntcpaccepting; /*%< Number of clients |
| 104 | + isc_refcount_t ntcpaccepting; /*%< Number of clients |
| 105 | ready to accept new |
| 106 | TCP connections on this |
| 107 | interface */ |
| 108 | - int32_t ntcpactive; /*%< Number of clients |
| 109 | + isc_refcount_t ntcpactive; /*%< Number of clients |
| 110 | servicing TCP queries |
| 111 | (whether accepting or |
| 112 | connected) */ |
| 113 | diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c |
| 114 | index d9f6df5802..135533be6b 100644 |
| 115 | --- a/bin/named/interfacemgr.c |
| 116 | +++ b/bin/named/interfacemgr.c |
| 117 | @@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, |
| 118 | * connections will be handled in parallel even though there is |
| 119 | * only one client initially. |
| 120 | */ |
| 121 | - ifp->ntcpaccepting = 0; |
| 122 | - ifp->ntcpactive = 0; |
| 123 | + isc_refcount_init(&ifp->ntcpaccepting, 0); |
| 124 | + isc_refcount_init(&ifp->ntcpactive, 0); |
| 125 | |
| 126 | ifp->nudpdispatch = 0; |
| 127 | |
| 128 | @@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) { |
| 129 | |
| 130 | ns_interfacemgr_detach(&ifp->mgr); |
| 131 | |
| 132 | + isc_refcount_destroy(&ifp->ntcpactive); |
| 133 | + isc_refcount_destroy(&ifp->ntcpaccepting); |
| 134 | + |
| 135 | ifp->magic = 0; |
| 136 | isc_mem_put(mctx, ifp, sizeof(*ifp)); |
| 137 | } |
| 138 | -- |
| 139 | 2.20.1 |
| 140 | |